What is Endpoint Protection Software?

Endpoint protection software includes a variety of security applications that protect an organization's endpoints, such as servers and PCs, from malware infections, cyberattacks, and other threats. Organizations need endpoint protection software to protect their information technology (IT) systems from infiltration through an endpoint breach, as well as to safeguard the data on employee laptops and PCs. Cyberattackers often target vulnerable endpoints, such as smartphones or unprotected web browsers, to gain a foothold into an organization's network. The SANS Institute's 2018 survey Endpoint Protection and Response found that 42% of organizations have experienced an endpoint breach. Many other breaches may simply go undetected.

Because endpoints connect to IT networks and servers, an unprotected endpoint can pose a significant security liability. A compromised endpoint can lead to unauthorized access of applications, data theft, ransomware infection, or a shutdown of critical systems.

Seven categories of endpoint protection software

Below are the main categories of endpoint protection software:

Anti-malware. Anti-malware is one of the earliest forms of endpoint security and is designed to prevent malware from entering an IT system through its endpoints. A common example of malware infection is an employee opening a seemingly innocent email attachment that is actually malware, which then spreads throughout the network. Anti-malware software can detect the suspicious file and quarantine or delete it. Anti-malware may detect a range of threats including rootkits and ransomware, as well as anti-phishing security.

Web browser security. The web browser is increasingly the interface that employees use to access work applications. Both cloud-based applications and on-premises, web-enabled applications use browser interfaces. Browsers make applications easy to access from any computer over a network or the internet. But they also present security challenges. Employees may accidently visit a website that is infected with malware, which then infects the browser. In addition, some browser extensions have security vulnerabilities. There are three types of web security:

Web filtering. The most common web security tool is the web filter, which controls access to websites and blocks known malware files. Filters can be installed at the endpoint or can be deployed over the network.

Web gateway. A more advanced type of web security is the web gateway. This approach provides more sophisticated features, such as behavioral analysis to detect zero-day malware, or in-depth SSL inspection to identify encrypted threats.

Anti-exploit tools. Threat, or exploit, prevention focuses on detecting and blocking advanced exploits against the browser. A successful exploit may permit a hacker to remotely control a computer, create a backdoor for future access to a system, steal data, or upload and execute malware. Exploit prevention software identifies common vulnerabilities and employs various strategies to block any attempted exploitation.

Mobile device management (MDM). MDM software protects mobile endpoints, such as smartphones and tablets, by enforcing security policies on the devices. IT administrators can send security rules and commands to a device, erase data on a lost phone, or lock the device. Additionally, IT administrators may use MDM to deploy applications to employee devices.

Mobile Threat Defense (MTD). Unlike MDM software, MTD solutions continuously monitor the device, both on and off the network, to detect and stop suspicious activity on the device or the network. MTD software can detect malware, suspicious modification of settings, and insecure SSL connections.

Endpoint detection and response (EDR). EDR software is focused on continuous monitoring for, and response to, advanced threats such as multilayered or coordinated attacks against multiple endpoints. Advanced threats are on the rise and can’t always be detected by other types of endpoint security tools. EDR software looks for suspicious behavior and provides alerts when detecting unusual endpoint activity. EDR collects a variety of endpoint data to provide IT departments better visibility into the endpoint threat environment. EDR solutions may provide advanced analytics and threat hunting tools.

Data loss prevention (DLP). DLP software enforces policies on data sharing and blocks restricted types of content from being sent outside of an organization. For example, an employee would be prevented from downloading a list of clients to a USB stick, and a hacker would be prevented from uploading a list of employee bank account numbers to cloud storage. DLP categorizes and monitors files, data, emails, and other content to ensure that only authorized users access and share the data. Data loss prevention software can help ensure compliance with data privacy and security regulations and is an important element in any compliance strategy.

Embedded systems security. Non-traditional endpoints such as industrial control systems, medical imaging systems, printers, and network routers are vulnerable to attack. The number of these embedded, smart devices is growing fast, providing hackers with a foothold into any attached network. An attacker may also aim to cripple an embedded system, such as an electrical grid. Embedded security includes whitelisting to block unauthorized software or IP addresses, and file integrity monitoring to look for unauthorized changes to configurations or software.

How to choose the right endpoint protection software?

There are many issues to consider when choosing an endpoint security solution, such as software effectiveness, the financial stability of the vendor, and the scalability of the software. Below are three key considerations to consider for organizations adopting endpoint security software:

Deployment model. Endpoint security software may be deployed as an on-premises application or a cloud-based service. Security applications are increasingly delivered as cloud services, as cloud-based computing offers several advantages over on-premises software. The benefits of a cloud-based security solution include flexibility, scalability, web-based management for remote access, and real-time threat intelligence on trending and zero-day threats. The provider automatically updates and maintains the cloud services, making less work for the customer's IT department. However, some organizations require an on-site solution, either because they are not yet cloud-enabled, they have the resources to manage a security solution on-site, or regulatory agencies require them to keep data in-house.

Integration between products. The ability to share data and context between endpoint solutions is increasingly critical to detecting, preventing, and analyzing sophisticated cyberattacks. Many security solution providers have adopted a common data exchange architecture, such as OpenDXL, and can interoperate. Other products may come as modules in an endpoint protection platform (EPP). Isolated, point products typically only work well in environments where there are limited endpoint security needs.

Advanced capabilities, such as machine-learning behavior classification, enable security products to detect zero-day threats in near real time. Artificial intelligence (AI) and machine learning enable endpoint software to learn over time and to become more effective at detecting potential threats. When combined with a real-time threat intelligence feed, an advanced endpoint solution can catch many attacks that would otherwise evade detection.

Organizations today face a rising number of threats to their data and IT systems. Endpoint protection software can improve security by detecting and blocking threats before they penetrate the network. An integrated solution with capabilities such as anti-malware, web browser security, MDM, EDR, and DLP provides collaborative, layered security capable of detecting and blocking most threats.

McAfee, the market leader in endpoint security, offers a full range of solutions that combine endpoint protection with efficient endpoint management. Accelerated time to protection, improved performance, and effective management empower security teams to resolve more threats faster with fewer resources.